shell bypass 403

GrazzMean Shell

: /home/gutlooks/www/ [ drwxr-x--- ]
Uname: Linux server.thebazaar99.com 5.14.0-687.17.1.el9_8.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Jun 22 07:21:26 EDT 2026 x86_64
Software: Apache
PHP version: 8.3.32 [ PHP INFO ] PHP os: Linux
Server Ip: 163.227.92.254
Your Ip: 216.73.217.24
User: gutlooks (1003) | Group: gutlooks (1005)
Safe Mode: OFF
Disable Function:
exec,passthru,shell_exec,system

name : index_phonpe.php
<?php
//  function __autoload($class)
//         {
//             include("zebra_cross/admin_login/classess/".$class.".php");
//         }
        
        spl_autoload_register(function($class) {
   include("zebra_cross/admin_login/classess/".$class.".php");
});
        
        $sqlfun = new sqlfunction();
        $admin = new admin_login();
        //echo "1";
        //echo base64_encode(json_encode(array("res"=>"success")));
if($_SERVER['REQUEST_METHOD'] == 'POST') 
         {
                 $json = file_get_contents('php://input');
                 //$response = json_decode($json, true);
                 $datta = array("gateway"=>"phonepe","result"=>$json,"method"=>$_SERVER['REQUEST_METHOD']);
                 $sqlfun->ins_data("cashfree_status",$datta);
                 
                 $response = json_decode($json, true);
                 $value = $response['response'];
                 $json_format = base64_decode($value);
                 $ab = json_decode($json_format);
                 $transaction_id = $response['data']['merchantTransactionId'];
                  if($ab['code'] == 'PAYMENT_SUCCESS') {
                        $sql = "select * from add_money_request where transaction_id = '$transaction_id' && status = 'Pending'";
                        $check = $sqlfun->query($sql);
                        $c_row = $check->fetch(PDO::FETCH_OBJ);
                        $ad_status = $c_row->status;
                        $row_ki_id = $c_row->r_id;
                        $amount = $c_row->amount;
                        $p_id = $c_row->player_id;
                
                //  if(isset($_POST['row_id']) && isset($_POST['status']) && isset($_POST['amount']) && isset($_POST['player_id']))
                //   row_id $row_ki_id
                //   status Pending
                //   amount $amount
                //   player_id  $p_id
                 ///hit for approve request which is in pending status 
                 // URL to hit
                 
                 
                 $dataaa = [
                    'amount' => $amount,
                    'player_id' => $p_id,
                    'status' => 'Pending',
                    'row_id' => $row_ki_id
                ];
                
                $urla = "https://gutlooks.com/zebra_cross/admin_login/process.php"; // Replace with your target URL
                
                // Initialize cURL session
                $ch = curl_init();
                
                // Configure cURL options
                curl_setopt($ch, CURLOPT_URL, $urla);
                curl_setopt($ch, CURLOPT_POST, true); // Use POST method
                curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($dataaa)); // Attach data
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // Receive server response
                curl_setopt($ch, CURLOPT_HTTPHEADER, [
                    'Content-Type: application/x-www-form-urlencoded' // Specify content type
                ]);
                
                // Execute cURL request
                $response = curl_exec($ch);
                  
                  
                  
                  
                  
                  
                 
            
                      
                      
                  }
                 
                 
                 
          }
© 2026 GrazzMean